<?php

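/**
 * Check that a request carrying a session token belongs to the named user.
 *
 * $clientpass and $serverpass are the two copies of one session token: the one
 * the client presented and the one held on the server.
 *
 * Return values (callers depend on these codes):
 *   array  the user's row, validation succeeded
 *   1      no row for this username
 *   2      the client token is missing or differs from the server-side token
 *   3      the tokens agree, but the token is not valid for this user's logkey
 *   4      the query failed
 *
 * @param string     $usr        username supplied with the request
 * @param string|int $clientpass session token presented by the client
 * @param string|int $serverpass session token held server-side
 * @param mysqli     $dbc        open database link
 * @return array|int
 */
function validation1($usr, $clientpass, $serverpass, $dbc) {
	// The username lands inside a quoted SQL string, so escaping it is enough here.
	// mysqli_real_escape_string() works against the link's character set, so it is
	// only reliable when that was set with mysqli_set_charset().
	// TODO confirm in the connect script.
	$q = "SELECT * FROM users where user='". mysqli_real_escape_string($dbc, $usr) ."'";
	$r = @mysqli_query ($dbc, $q);
	if(!$r) return 4; // query failed

	$user = mysqli_fetch_array($r, MYSQLI_ASSOC);
	if(!$user) return 1; // invalid username (during an open session)

	// The tokens used to be compared with `==`. Loose comparison treats null and ""
	// as equal, so a request without any session compared equal to an unset server
	// token and then passed the modulo test below as 0. Compare them as non-empty
	// strings, in constant time.
	if(!is_scalar($clientpass) || !is_scalar($serverpass)) return 2;
	$client = (string)$clientpass;
	$server = (string)$serverpass;
	if($server === '' || !hash_equals($server, $client)) return 2; // not this session

	$token  = (int)$server;
	$logkey = (int)$user['logkey'];
	// A token that casts to 0 is divisible by every logkey, and a logkey of 0 makes
	// `%` throw DivisionByZeroError; neither can identify this user's session.
	if($token === 0 || $logkey === 0) return 3;

	// NOTE(review): divisibility is a weak link between token and user, because
	// every multiple of logkey passes. Storing the issued token per user and
	// comparing it directly would be stricter; that changes the protocol, so it is
	// left to the owner of the login code.
	if($token % $logkey === 0) return $user; // validation done (correct)
	return 3; // matches a session, but not this user's session
}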

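/**
 * Collect every remaining row of a mysqli result into a list of associative arrays.
 *
 * @param mysqli_result|bool|null $r value returned by mysqli_query()
 * @return array list of rows; empty when $r is not a result set or holds no rows
 */
function select($r) {
	// Callers hand over mysqli_query()'s return value unchecked. After a failed
	// query that is false, and mysqli_fetch_array(false) is a TypeError on PHP 8,
	// so anything that is not a result set yields an empty list instead.
	if (!($r instanceof mysqli_result)) {
		return array();
	}

	$select = array();
	// mysqli_fetch_array() returns null once the rows are exhausted, which ends the loop.
	while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
		$select[] = $row;
	}
	return $select;
}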

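/**
 * Build the HTML fragments of the shared-events page for one user.
 *
 * 'left' is a table of links to the users who share events with $user.
 * 'right' shows the event selected by $_GET['ev'], or the form to add an event.
 *
 * The listing this was taken from did not compile; three repairs were made:
 *  - `$shuser = $user` is not a legal parameter default (a default must be a
 *    constant expression), so it is now null. The parameter was never read.
 *  - The `if` belonging to the "insert an event" `else` was missing, which left
 *    that branch and the final `return` outside the function. The restored
 *    condition is inferred from the branch reading $_GET['ev']. TODO confirm.
 *  - $right_html was built and then dropped; it is now returned as 'right'.
 *    NOTE(review): the key name is an assumption, check the caller.
 *
 * @param array $user   row of the logged-in user; 'iduser' is read
 * @param mixed $shuser not read by this function
 * @param int   $numev  not read by this function
 * @return array HTML strings under the keys 'left' and 'right'
 */
function create($user, $shuser = null, $numev = 0) {
	// NOTE(review): these names are used below but were never defined inside the
	// function. Importing them from global scope is an assumption; confirm it, or
	// pass them in as arguments.
	global $dbc, $webpage, $sections, $days, $days1;

	// Escape a value for HTML text and for quoted attributes. ENT_QUOTES is needed
	// because the links below use single-quoted href attributes.
	$esc = function ($value) {
		return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};
	// Run a query and return its first row, or null when it fails or is empty.
	$fetch_one = function ($sql) use ($dbc) {
		$res = @mysqli_query ($dbc, $sql);
		return ($res instanceof mysqli_result) ? mysqli_fetch_array($res, MYSQLI_ASSOC) : null;
	};

	// Every id below is placed into SQL without quotes, so string escaping would
	// not protect it; forcing each one to an integer does.
	$uid = (int)$user['iduser'];

	$html = array();
	$left_html = '';
	$right_html = '';
	$first_section = (is_array($sections) && isset($sections[0])) ? $sections[0] : '';
	$base_url = $webpage ."?curr=". $first_section;

	//--------------SHARES LIST!
	$q = "SELECT count(idevent) as total, iduser, owner FROM share where (iduser=". $uid ." and owner!=". $uid .") group by iduser, owner";
	$r = @mysqli_query ($dbc, $q);
	$select = ($r instanceof mysqli_result) ? select($r) : array();

	//create a table with a row to go Back to mine
	$left_html .= "\n\t\t\t<table>\n";
	$left_html .= "\t\t\t\t<tr><td><a href='". $esc($base_url) ."'>Back to mine</a></td></tr>\n";
	if($select){ //if there are 1 or more shared events...
		foreach ($select as $share) { //get the name of those users
			$owner = $fetch_one("SELECT * FROM users WHERE (iduser=". (int)$share['owner'] .")");
			if(!$owner) continue; // the owner's row is gone; nothing to link to
			// The username and display name are user-chosen data: URL-encode the
			// query value and HTML-escape everything written into the page.
			$link = $base_url ."&shuser=". rawurlencode((string)$owner['user']);
			$left_html .= "\t\t\t\t<tr><td><a href='". $esc($link) ."'>". $esc($owner['name']) ."(". (int)$share['total'] .")</a></td></tr>\n";
		}
	}
	else { //if there aren't shared events
		$left_html .= "\t<tr><td>Shared events empty</td></tr>\n";
	}
	//close the table
	$left_html .= "\t\t\t</table>\n";
	$html['left'] = $left_html;

	if(isset($_GET['ev'])) {
		// $_GET['ev'] used to be concatenated into two queries as received (SQL
		// injection). Anything that is not an integer is now treated as "no such event".
		$evid = filter_var($_GET['ev'], FILTER_VALIDATE_INT);
		$event = ($evid === false)
			? null
			: $fetch_one("SELECT * FROM share WHERE (idevent=". $evid ." and iduser=". $uid .")");

		if($event){
			//if the user can...
			$eventinfo = $fetch_one("SELECT * FROM events WHERE idevent=". (int)$event['idevent']);
			if(!$eventinfo) $eventinfo = array('task' => '', 'hour' => '', 'descrip' => '');

			// Strip the stored backslashes first and escape last, so the escaping
			// applies to the exact text that reaches the page.
			$field = function ($key) use ($eventinfo, $esc) {
				return $esc(stripslashes(isset($eventinfo[$key]) ? (string)$eventinfo[$key] : ''));
			};

			//show the event details
			$right_html .= "\t<table>\n";
			$right_html .= "\t\t\t\t<tr>";
			$right_html .= '<td>Task: </td>';
			$right_html .= '<td class="scol">' . $field('task') . '</td>';
			$right_html .= "</tr>\n";
			$right_html .= "\t\t\t\t<tr>";
			$right_html .= '<td>Hour: </td>';
			$right_html .= '<td class="scol">' . $field('hour') . 'h </td>';
			$right_html .= "</tr>\n";
			$right_html .= "\t\t\t\t<tr>";
			$right_html .= '<td>Description: </td>';
			$right_html .= '<td class="scol">' . $field('descrip') . '</td>';
			$right_html .= "</tr>\n";
			$right_html .= "\t\t\t\t<tr>";
			$right_html .= '<td>Shared with: </td>';

			$q = "SELECT * FROM share WHERE (idevent=". $evid ." and iduser!=". $uid .")";
			$r = @mysqli_query ($dbc, $q);
			$sharew = ($r instanceof mysqli_result) ? select($r) : array();
			$names = array();
			foreach ($sharew as $other) {
				$info = $fetch_one("SELECT * FROM users WHERE iduser=". (int)$other['iduser']);
				if($info) $names[] = $esc($info['name']);
			}
			if($names) {
				$right_html .= '<td class="scol">'. implode(', ', $names) .'</td>';
			}
			else { $right_html .= '<td class="scol">Not already shared</td>';}
			$right_html .= "</tr>\n";
			$right_html .= "\t\t\t</table>\n";
		}
		else{
			//if the user can't...
			$right_html .= "\t<table>\n";
			$right_html .= "\t\t\t\t<tr>";
			$right_html .= '<td>This event doesn\'t exist or it isn\'t shared with you.</td>';
			$right_html .= "</tr>\n";
			$right_html .= "\t\t\t</table>\n";
		}
	}
	else { //There isn't an event and you can insert an event
		$ndays = is_array($days) ? count($days) : 0;
		$right_html .= "\t\t\t<table>\n";
		$right_html .= "\t\t\t\t<tr>";
		// NOTE(review): this POST form has no anti-CSRF token.
		$right_html .= '<td><form action="../insertevent.php" method="POST">';
		$right_html .= '<p>Hour:<select name="H">';
		for($i=7; $i<23; $i++) {$right_html .= '<option value="'.$i.'">'.$i.'</option>';}
		$right_html .= '</select></p></td><td><p>Day:<select name="D">';
		for($i=1; $i<$ndays; $i++) {
			$label = (is_array($days1) && isset($days1[$i])) ? $days1[$i] : '';
			$right_html .= '<option value="'. $esc($days[$i]) .'">'. $esc($label) .'</option>';
		}
		$right_html .= '</select></p></td><td><p>Task:<input type="text" name="task" value=""/></p></td>';
		$right_html .= '<td><p>Descrip:<input type="text" name="descrip" value=""/></p></td>';
		// NOTE(review): a hidden field can be edited by the client. The receiving
		// script (../insertevent.php, not shown) should take the owner from the
		// authenticated session rather than from this value.
		$right_html .= '<td><p><input type="hidden" name="user" value="'. $uid .'"/>';
		$right_html .= '<input type="submit" name="submit" value="Add"></p>';
		$right_html .= '</form></td>';
		$right_html .= "</tr>\n";
		$right_html .= "</table>\n";
	}

	$html['right'] = $right_html;
	return $html;
}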

